diff options
author | Steve Holme <steve_holme@hotmail.com> | 2015-02-09 20:58:33 +0000 |
---|---|---|
committer | Steve Holme <steve_holme@hotmail.com> | 2015-02-09 21:01:39 +0000 |
commit | d771b44e538aac30b29189fc5c0f3e0f2b668d93 (patch) | |
tree | 4873282404683bff7ac1305a3318e073b5d95740 /lib/vtls | |
parent | 7eebf9a3fb7058ca95038450184ec44609a0daa7 (diff) |
openssl: Disable OCSP in old versions of OpenSSL
Versions of OpenSSL prior to v0.9.8h do not support the necessary
functions for OCSP stapling.
Diffstat (limited to 'lib/vtls')
-rw-r--r-- | lib/vtls/openssl.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 68ca1fbcd..38cf79a27 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -1323,7 +1323,8 @@ static CURLcode verifyhost(struct connectdata *conn, X509 *server_cert) return result; } -#if !defined(HAVE_BORINGSSL) && !defined(OPENSSL_NO_TLSEXT) +#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \ + !defined(HAVE_BORINGSSL) static CURLcode verifystatus(struct connectdata *conn, struct ssl_connect_data *connssl) { @@ -2060,7 +2061,8 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex) return CURLE_OUT_OF_MEMORY; } -#if !defined(HAVE_BORINGSSL) && !defined(OPENSSL_NO_TLSEXT) +#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \ + !defined(HAVE_BORINGSSL) if(data->set.ssl.verifystatus) SSL_set_tlsext_status_type(connssl->handle, TLSEXT_STATUSTYPE_ocsp); #endif @@ -2748,7 +2750,8 @@ static CURLcode servercert(struct connectdata *conn, infof(data, "\t SSL certificate verify ok.\n"); } -#if !defined(HAVE_BORINGSSL) && !defined(OPENSSL_NO_TLSEXT) +#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \ + !defined(HAVE_BORINGSSL) if(data->set.ssl.verifystatus) { result = verifystatus(conn, connssl); if(result) { @@ -3202,7 +3205,8 @@ void Curl_ossl_md5sum(unsigned char *tmp, /* input */ bool Curl_ossl_cert_status_request(void) { -#if !defined(HAVE_BORINGSSL) && !defined(OPENSSL_NO_TLSEXT) +#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \ + !defined(HAVE_BORINGSSL) return TRUE; #else return FALSE; |